...
If you run a discovery and, for whatever reason, Open-AudIT doesn't add the device to the database there wont be a direct way to view the Discovery log (Step 4 above). However,three will still be entries in the discovery_log table, you'll just need to dig them out the the database to look through them. To export the discovery logs select Admin -> Database -> List Tables from the Open-Audit menu, then look for the discovery_log table. Click the blue details icon to access the table, then click Export to CSV. This shoudl should create a CSV file that can be opened in a text editor or Excel. Search for the device's IP address and look through the related entries to determine what Open-AudIT found and what decisions it made regarding the device.
...
Open-AudIT runs an Nmap discovery on each target IP address. Open-AudIT scans the Nmap top 1000 TCP ports, as well as UDP 62078 (Apple IOS) and UDP 161 (SNMP). For Open-AudIT to consider a target IP to have a device responding, any of the Nmap Top 1000 TCP Ports must be responding or the UDP 62078.
At this point we need to double-check the information NMAP is receiving from the device. Open a command/terminal window on the Open-AudIT server and execute this command (The -F argument is a fast scan of the first 100 ports of the device, the IP is the IP address or FQDN of the device not responding) -
nmap -F IP
| Code Block | ||
|---|---|---|
| ||
[root@myserver:~]# nmap -F 192.168.0.10
Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-16 13:27 UTC
Nmap scan report for targetdevice (192.168.0.10)
Host is up (0.18s latency).
Not shown: 94 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
514/tcp open shell
3306/tcp open mysql |
If the NMAP scan returns NO OPEN PORTS then the problem is configuration of the target device.
Step 7 - A target that responds to UDP 161 (SNMP) only and NO other ports (TCP or UDP 62078 / 161) is not considered to be responding.
...